openstore-team team mailing list archive
-
openstore-team team
-
Mailing list archive
-
Message #00026
Re: Submission to OpenStore: Seabass code editor
Thank you for your help, Michael.
Best regards,
Mikhail.
2016-08-07 5:31 GMT+07:00 Michael Zanetti <michael.zanetti@xxxxxxxxxxxxx>:
> Right, write path is what you want then. Not sure if it requires to have
> both, read and write paths, but we'll see.
>
>
> On 06.08.2016 19:13, Mikhail Milikhin wrote:
> > Thank you, Michael.
> >
> > I'd like to give users ability to read and edit any file in Home
> directory.
> > That's why I think read_path is not the best solution as it will allow
> > only reading files but not writing.
> >
> > I read the docs again and understand that I just missed that there is
> > also "write_path" field available.
> > So I think adding the following line to the manifest will be a good way
> > to give read/write access to Home directory:
> >
> > "write_path": ["@{HOME}/"]
> >
> >
> > Is that correct?
> > If so, I updated build instructions (replaced /unconfined/ template with
> > /write_path/ in apparmor patch) at
> > https://github.com/milikhin/seabass/blob/master/building.
> md#31-patch-for-an-unconfined-version.
> >
> > Best regards,
> > Mikhail.
> >
> > 2016-08-06 16:44 GMT+07:00 Michael Zanetti
> > <michael.zanetti@xxxxxxxxxxxxx <mailto:michael.zanetti@xxxxxxxxxxxxx>>:
> >
> > Hi Mikhail,
> >
> > thanks for your submission. I will try to review it today. One thing
> > that immediately jumps to mind is the question why you'd need to use
> the
> > unconfined template. If you only require reading files in the home
> > directory, it would be better if you'd use read_paths instead.
> Here's an
> > example:
> >
> > https://open.uappexplorer.com/app/falcon.bhdouglass
> > <https://open.uappexplorer.com/app/falcon.bhdouglass>
> >
> > Click on the "Manifest" button, it will also contain the apparmor
> > profile for this app and show you how you can access those files
> without
> > dropping apparmor completely. What do you think?
> >
> > Best regards,
> > Michael
> >
> > On 06.08.2016 08:13, Mikhail Milikhin wrote:
> > > Hello OpenStore team,
> > >
> > > I'd like to submit new application - Seabass code editor - to
> OpenStore.
> > > The app is already available in Ubuntu Store
> > > (https://uappexplorer.com/app/seabass.mikhael
> > <https://uappexplorer.com/app/seabass.mikhael>) but it's restricted
> to
> > > read/edit files only in it's own directory at
> > > /.local/share/seabass.mikhael/. I'd like to upload the same app
> > but with
> > > unconfined AppArmor template. It'll give app unrestricted access to
> > > user's Home directory. Hence users will be able to read/edit any
> files
> > > in Home directory.
> > >
> > > Application sources are available on GitHub:
> > > https://github.com/milikhin/seabass/releases/latest
> > <https://github.com/milikhin/seabass/releases/latest>.
> > > Ubuntu SDK is not required to build .click package, instead of it
> latest
> > > Cordova for Ubuntu is used.
> > > Complete build instructions are available on GitHub:
> > > https://github.com/milikhin/seabass/blob/master/building.md
> > <https://github.com/milikhin/seabass/blob/master/building.md>.
> > >
> > > Since within Cordova framework AppArmor profile is generated
> > > automatically during the build process, I don't have permanent
> > > /.apparmor/ and /.apparmor.openstore/ files. The app uses standard
> > > Cordova AppArmor profile but with additional hak
> > >
> > (https://github.com/milikhin/seabass/blob/master/building.
> md#31-patch-for-an-unconfined-version
> > <https://github.com/milikhin/seabass/blob/master/building.
> md#31-patch-for-an-unconfined-version>)
> > > to set template to Unconfined.
> > >
> > > Please, send me a message if you have any questions about app or
> build
> > > process.
> > >
> > > Best regards,
> > > Mikhael Milikhin
> > >
> > >
> >
> >
>
>
Follow ups
References
